root/tags/REL-0.0.11beta/trunk/conf/rules.txt @ 44

Revision 44, 1.0 KB (checked in by andreu, 15 years ago)

ticket #11 and add generic conf in conf/rules.txt & tool/check.sh

  • Property svn:eol-style set to native
# This file is an example
# you must create your own rules

# #: commented line
# N: rule name (string without spaces)
# O: output type (only socket in this release)
# C: check field : C <field ID> <operator> <value>
# A: aggregation scheme (not present in this release)
# R: field ID to record (not present in this release); if absent, all fields
#    are recorded
# field IDs can be found at the following URL:
# http://www.cisco.com/en/US/tech/tk648/tk362/technologies_white_paper09186a00800a3db9.shtml
# in table 6

# Example
# Dump all MPLS flows (field 46 = 5) to 10.0.0.1:1111
#N test_MPLS
#O socket 10.0.0.1 1111
#C 46 = 5

# Example
# This rule depends on functionality not present in this release
# from TCP flows
# prefix aggregation
# five minutes
# record in/out octets
#N TCPVolumetry
#O file ascii /tmp/output2.txt
#A P
#R 4 1 R 4 25

# Example
# This rule depends on functionality not present in this release
# get all flows whose size is between 15 and 16 MB
# record all fields in a file
#N Get_From_Size
#O file bin /tmp/output.txt
#C 1 > 15 C 1 < 16

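A pre-deployment check for the rule format documented in the comments above, written as an added example and not the project's own parser. The grammar is an assumption inferred from those comments (one directive per line, `N` opens a rule, operators limited to the `=`, `<`, `>` seen in the examples); `parse_rules` and `SAMPLE` are hypothetical names, and the sample rules are constructed with the `#` removed so they are active.

```python
import re
# Assumed grammar (inferred from the rules.txt comments): one directive per line, "N" opens a rule.
CHECK = re.compile(r"C\s+(\d+)\s*(=|<|>)\s*(\S+)")

# Constructed sample: the file's three examples with the leading "#" removed.
SAMPLE = """N test_MPLS
O socket 10.0.0.1 1111
C 46 = 5
N TCPVolumetry
O file ascii /tmp/output2.txt
A P
N Get_From_Size
O socket 10.0.0.1 1111
C 1 > 15 C 1 < 16
"""

def parse_rules(text):
    rules, problems, cur = [], [], None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        (key, *args), err = line.split(), None
        if key == "N":
            cur = {"name": " ".join(args), "output": None, "checks": []}
            rules.append(cur)
            if len(args) != 1:
                err = "rule name must be one string without spaces"
        elif cur is None:
            err = "directive before any N line"
        elif key == "O":
            if args[:1] == ["socket"] and len(args) == 3 and args[2].isdigit():
                cur["output"] = (args[1], int(args[2]))
            else:
                err = "only 'O socket <host> <port>' exists in this release"
        elif key == "C":
            found = CHECK.findall(line)
            # Accept the line only if nothing is left once valid clauses are removed.
            if found and not CHECK.sub("", line).strip():
                cur["checks"] += [(int(f), op, v) for f, op, v in found]
            else:
                err = "expected: C <field ID> <operator> <value>"
        elif key in ("A", "R"):
            err = f"{key} is not present in this release"
        else:
            err = f"unknown directive {key!r}"
        if err:
            problems.append((num, err))
    problems += [(0, f"rule {r['name']} has no usable output") for r in rules if not r["output"]]
    return rules, problems
```

Problems are returned as `(line number, message)` pairs, with line 0 used for rule-level findings such as a rule that would match flows but send them nowhere.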